WASHINGTON – Stars of private and government cybersecurity showed a united front on Tuesday, urging a congressional committee to develop more aggressive cyber capabilities with greater assistance from private companies.
Charting a more muscular course in cybersecurity could prove critical as President Trump considers possible military intervention in Iran, cybersecurity experts told the Cybersecurity and Infrastructure Protection Subcommittee.
In a display of uncommon unanimity, every single witness—private and federal alike—staunchly agreed regarding the need for a more robust framework to combat foreign cyber-adversaries.
“The United States can no longer afford deterrence without offensive cyber capabilities,” said Rep. Andy Ogles, R-Texas, chairman of the subcommittee. “Defense alone is not sufficient.”
The current relationship between the US and its cyber adversaries, namely Chinese Volt Typhoon group, has been relatively one-sided, witnesses said. China has penetrated the cyber-infrastructure of several key US organizations, including water, power, and port systems, and the response from the US has been “unreasonably restrained,” according to Joe Lin, CEO of Twenty Technologies.
“They escalate and we absorb,” he said. “And because we absorb, they keep escalating.”
Rep. Bennie Thompson, D-Miss., the top Democrat of the subcommittee, criticized the Trump administration for cutting roughly one-third of the personnel at the U.S. Cybersecurity and Infrastructure Security Agency since the beginning of 2025, largely due to layoffs.
“If our national cyber security strategy is going to shift toward a more aggressive offensive cyber strategy, we will need to ensure that the agencies responsible for such efforts, such as U.S. Cyber Command and the National Security Agency, have the staffing and resources necessary to carry out offensive cyber operations,” he said. “Yet, both Cyber Command and the NSA have had personnel reductions over the last year. If you’re going to fight an enemy, you need the ability to do that.”
Experts stressed the need for a more diverse pool of cyber-security workers that can act boldly over a bigger team.
“We have to think like the adversary,” said Emily Harding, who directs the Intelligence, National Security, and Technology Program at the Center for Strategic and International Studies think tank. “I always ask people, ‘Are you interested in doing sneaky and illegal things in the cyber world? Join NSA.’”
Witnesses also implied that artificial intelligence needs to play a more prominent role in federal cybersecurity efforts. Lin stressed the importance of automating procedures to help human operatives handle several cyber-domains at once. Frank Cilluffo, who worked on the Bush administration’s cybersecurity, also referenced AI as a powerful tool to augment and focus interactions with threat actors.
Outside the hearing, cybersecurity experts cautioned against using AI to direct offensive cyber attacks.
“We’ve seen a lot of potential uses of AI to sort of detect cyber events as they’re occurring,” said Kyle Crichton, a research fellow at the Center for Security and Emerging Technology, a Georgetown University think tank. “There is, I think, much more risk there with the unpredictability of AI and how much control you are giving in authorizing AI to conduct any sort of cyber attack.”
Although the mood of the hearing was unusually bipartisan, four of the five Democratic representatives began their statements and questions by acknowledging Renee Nicole Good, who was shot and killed by an ICE agent in Minneapolis last week.
Despite increasing division within the federal government, cybersecurity as a zone of legislation has historically been bipartisan. The Biden administration’s cybersecurity initiatives explicitly stated that they were meant to build on what the Trump administration had instituted in the prior term. Though President Trump himself has been vocal about stepping away from liberal initiatives, his 2016 administration’s cybersecurity plans also built off of what Obama’s White House had created.
“There’s sort of a legacy of non partisanship in this particular area of national security policy of administrations building on their predecessors,” said Nicholas Leiserson, senior vice president for policy at the Institute for Security and Technology, a tech policy think tank.
However, Leiserson expressed concern about budget cuts under President Donald Trump. “The one thing where you have seen a very significant shift, I think, is on the implementation and budgetary side.”
The Trump administration announced plans to reduce safeguards and accountability and steer away from “[m]icromanaging technical cybersecurity decisions better handled at the department and agency level, where budget tradeoffs and innovative solutions can be more effectively evaluated and implemented,” according to a White House fact sheet.
Experts expressed concern about how increased involvement of private actors in federal cybersecurity would mean for accountability.
“We have historically placed in any physical domain or cyber domain sort of police powers in the hands of governments because of the accountability mechanisms there,” Lieserson said. “And I think there’s a significant risk that if you have private sector actors who have fewer of those controls, legal requirements, whatever else, the government would be internationally liable.”
U.S. cybersecurity was on display in last week’s strike against Venezuela. Experts said the US likely deployed measures to disable Caracas’ electric grids and conducted a cyber-attack against Venezuelan air defenses. Should the US move into Iran, another major cyber actor, experts said the US would likely use cyber warfare as well. However, deploying measures like this are a double-edged sword, as they expose US cyber capabilities to its adversaries, said Rep. Ogles.